Cannot create an Environment because of

0

I tried to create an MWAA Environment.
But I couldn't because of this error.

Error: error creating MWAA Environment: ValidationException: Unable to check PublicAccessBlock configuration for the account MY AWS ACCOUNT ID: Access Denied (Service: S3Control, Status Code: 403, Request ID: B0C335WJPKE3X4N9, Extended Request ID: 0kRvvV6plctbztoNhIEmJkiQzS8gL4CCrNnLCSE+GCqUdLgkHVSuMQDxvsiBORmzONL1kHNtqkc=)

At first, I tried it using Terraform v0.14.3 and its AWS Provider v3.36.
After that, I tried the same using AWS Management Console and faced the same error.

How can I solve the problem?

I'm not sure if it's related, but here are the Policies attached with the execution role for the Environment.

Assume Role Policy:
Actions:
sts:AssumeRole
Principals
Services = "airflow-env.amazonaws.com", "airflow.amazonaws.com"

Attched Policy:
Actions:
** s3:GetBucket**
** s3:GetObject**
** s3:List**

Resources:
arn:aws:s3:::BUCKET_NAME
arn:aws:s3:::BUCKET_NAME/*

Edited by: yuyatakeyama on Apr 11, 2021 10:55 AM

posta 4 anni fa1861 visualizzazioni
1 Risposta
0

I solved it by myself.
I needed to enable "Block all public access" for the S3 bucket storing DAGs.

con risposta 4 anni fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande